[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: PKI Action Plan 0.2
Steve, A few comments: 1. In the introduction, para 2: "But high costs and interoperability problems have limited the use of PKI." I'd suggest saying "But a number of barriers, including lack of applications, high costs, poor understanding of its benefits, and interoperability problems have contributed to the limited use of PKI." 2. The comment, "Within two years, PKI deployment should be substantially easier." may be too optimistic given harsh reality. How about " The PKI TC believes that a serious effort by industry practitioners to execute the action plan will contribute to increased usage." --or soimething along those lines. 3. Last Paragraph, Section 2.0: I would suggest deleting the sentence, "Membership fees are quite low, especially for individuals and non-profit organizations." This seems to make it more like a commercial than an invitation. 4. In seeking comments on the action plan, I suggest abit more specfificity in what we are asking for with respect to comments, and perhaps a more direct request for help in developing a multi-facted plan, with the TC working with other bodies, vendors, users, etc. to achieve our goals of accelerated use of PKI. I suggest that we more directly seek input from a variety of stakeholders as to the viability of the plan, the relative importance of action steps, the resources and level of effort necessary to achieve specific deliverables, work already underway or planned which will address these issues, the appropriate bodies internationally that may be best positioned to deal with specific actions, and whether (and how) such a plan should be coordinated among stakeholders. I am suggesting this in part because major efforts have been undertaken (e.g., EEMA PKI Challenge)with huge resource investments, and they have come up with some progress, but no ultimate solution on very specific issues. I just think the plan suggests that the task is easily achieved...may be read by some experienced people that we are perhaps a bit naive regarding the complexity of the issues etc. My suggestion then would be to directly acknowledge the challenge and yet offer the action plan as an effort to establish a multi-faceted and coordinated effort. At the ISSE2003 conference there has been lots of talk about PKI, and how it never achieved its promise, how most of the issues aren';t technical, etc etc...a very big context and lots of activities have been undertaken,and yet there are large deployments coming about (e.g., Spanish e-Identity card)despite the obstacles -- hence my suggestions about acknowledging such efforts, and seeking assistance in building a industry-wide plan. Hope these comments are useful. Thanks, John Let me know if you think ------------------------------------------------------------------ John T. Sabo, CISSP Manager, Security Privacy and Trust Initiatives Computer Associates International 2291 Wood Oak Drive Herndon, Virginia, 20171 USA Phone: +1 703-708-3037 Mobile: +1 443-629-6198 -----Original Message----- From: Steve Hanna [mailto:steve.hanna@sun.com] Sent: Monday, October 06, 2003 1:30 PM To: PKI TC Subject: [pki-tc] PKI Action Plan 0.2 Here (attached to this email) is a slightly revised version of our PKI Action Plan. I changed the wording in one item (the "Develop Application Guidelines for PKI Use" item) in response to comments received from a PKI TC member. Since we agreed to have a review period until last Friday for review within the TC and I have made all the changes requested during that period (only one), I think we can move on to discussing this plan on a confidential basis with a small number of key stakeholders. As agreed at the F2F, we'll feed back comments from these stakeholders to the PKI TC email list and aim to release a draft for public review at the end of October. BTW, if you have not reviewed this plan, please do so now. Thanks, Steve
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]